1EVP_PKEY_IS_A(3ossl) OpenSSL EVP_PKEY_IS_A(3ossl)
2
6 EVP_PKEY_is_a, EVP_PKEY_can_sign, EVP_PKEY_type_names_do_all,
7 EVP_PKEY_get0_type_name, EVP_PKEY_get0_description,
8 EVP_PKEY_get0_provider - key type and capabilities functions
9
11 #include <openssl/evp.h>
12 int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name);
14 int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
15 int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey,
16 void (*fn)(const char *name, void *data),
17 void *data);
18 const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key);
19 const char *EVP_PKEY_get0_description(const EVP_PKEY *key);
20 const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key);
21
23 EVP_PKEY_is_a() checks if the key type of pkey is name.
24 EVP_PKEY_can_sign() checks if the functionality for the key type of
26 pkey supports signing. No other check is done, such as whether pkey
27 contains a private key.
28 EVP_PKEY_type_names_do_all() traverses all names for pkey's key type,
30 and calls fn with each name and data. For example, an RSA EVP_PKEY may
31 be named both "RSA" and "rsaEncryption". The order of the names
32 depends on the provider implementation that holds the key.
33 EVP_PKEY_get0_type_name() returns the first key type name that is found
35 for the given pkey. Note that the pkey may have multiple synonyms
36 associated with it. In this case it depends on the provider
37 implementation that holds the key which one will be returned.
38 Ownership of the returned string is retained by the pkey object and
39 should not be freed by the caller.
40 EVP_PKEY_get0_description() returns a description of the type of
42 EVP_PKEY, meant for display and human consumption. The description is
43 at the discretion of the key type implementation.
44 EVP_PKEY_get0_provider() returns the provider of the EVP_PKEY's
46 EVP_KEYMGMT(3).
47
49 EVP_PKEY_is_a() returns 1 if pkey has the key type name, otherwise 0.
50 EVP_PKEY_can_sign() returns 1 if the pkey key type functionality
52 supports signing, otherwise 0.
53 EVP_PKEY_get0_type_name() returns the name that is found or NULL on
55 error.
56 EVP_PKEY_get0_description() returns the description if found or NULL if
58 not.
59 EVP_PKEY_get0_provider() returns the provider if found or NULL if not.
61 EVP_PKEY_type_names_do_all() returns 1 if the callback was called for
63 all names. A return value of 0 means that the callback was not called
64 for any names.
65
67 EVP_PKEY_is_a()
68 The loaded providers and what key types they support will ultimately
69 determine what name is possible to use with EVP_PKEY_is_a(). We do
70 know that the default provider supports RSA, DH, DSA and EC keys, so we
71 can use this as an crude example:
72 #include <openssl/evp.h>
74 ...
76 /* |pkey| is an EVP_PKEY* */
77 if (EVP_PKEY_is_a(pkey, "RSA")) {
78 BIGNUM *modulus = NULL;
79 if (EVP_PKEY_get_bn_param(pkey, "n", &modulus))
80 /* do whatever with the modulus */
81 BN_free(modulus);
82 }
83 EVP_PKEY_can_sign()
85 #include <openssl/evp.h>
86 ...
88 /* |pkey| is an EVP_PKEY* */
89 if (!EVP_PKEY_can_sign(pkey)) {
90 fprintf(stderr, "Not a signing key!");
91 exit(1);
92 }
93 /* Sign something... */
94
96 The functions described here were added in OpenSSL 3.0.
97
99 Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
100 Licensed under the Apache License 2.0 (the "License"). You may not use
102 this file except in compliance with the License. You can obtain a copy
103 in the file LICENSE in the source distribution or at
104 <https://www.openssl.org/source/license.html>.
1053.0.5 2022-07-05 EVP_PKEY_IS_A(3ossl)